GDPR Readiness | Impact Assessment

Regulatory change is rarely wanted, but often necessary. When considering the GDPR, the biggest hurdle for many organisations is achieving cultural awareness of the regulation’s importance and understanding the need for change in terms of processes, practices and even behaviours. Effective GDPR implementation requires ‘a new way of doing things’.

It begins with understanding the scope of what is required and where to prioritise your efforts.  Although we follow standardised approaches, we find it is best to tailor these to our clients needs as every client has different areas of risk.


Step one  is to define the context of the organisation within which you are working.  This is important, because understanding the legal basis or legitimate business reasons upon which you are processing personal data will determine the scale of the change required.


Our diagnostic tools will point us in the general direction of gaps, however, it is through stakeholder interviews and a ‘go and see’ approach to the operational processes, which will highlight the areas of greatest risk to your organisation, from a regulation and operational perspective.


Following the high-level flow of personal data through your business processes, we will ascertain the impacts across key areas and the relative risk of exposure in those areas.